Mozilla Foundation Security Advisory 2015-140

Cross-origin information leak through web workers error events

Announced

December 15, 2015

Reporter

Masato Kinugawa

Impact

High

Products

Firefox

Fixed in

Firefox 43

Description

Security researcher Masato Kinugawa reported a cross-origin
information leak through the error events in web workers. This violates same-origin policy
and the leaked information could potentially be used by a malicious party to gather
authentication tokens and other data from third-party websites.

This issue affects other browsers as well and is not limited to Mozilla
products.